Media Release

Electronic Frontiers Australia Inc.

Media Release 30th June 1998
CALL TO ABOLISH AUSTRALIAN CRYPTO CONTROLS
Electronic Frontiers Australia (EFA) today called for the abolition
of all controls on cryptography in Australia. EFA spokesperson Greg
Taylor said, "The current export controls are a failure because strong
cryptography software is already widely available throughout the world.
Furthermore the regulations are stifling Australian initiatives in
developing secure communications protocols."
"Far from achieving their purpose of preventing criminal activity, the
restrictions on deployment of strong cryptography increase the risk of
criminal attack on vital infrastructure such as banking and the
electricity supply system.", Mr. Taylor said.
"EFA welcomes the Australian government's recent initiatives in respect
to Electronic Commerce. However, these initiatives will come to nothing
if secure communications cannot be guaranteed. Business, privacy and
technology interests around the world are unanimous that unless there is
a relaxation of the cold-war era mentality in relation to encryption
policy, electronic commerce will never achieve its full potential. This
is also a privacy issue, a fraud prevention issue, a jobs issue, and an
international competitiveness issue."
"The Defence Department, which is responsible for administering export
controls under the terms of the Wassenaar Arrangement, has extended
Australia's compliance with the agreement by encouraging key recovery
"backdoors" in systems proposed for export licensing. This is despite
extensive international evidence that key recovery systems of the type
proposed by law enforcement agencies are fundamentally unworkable and a
risk to data security." said Mr. Taylor.
"How would Australian citizens react if they were required to lodge
copies of their home and office door keys with a government agency, so
as to enable law enforcement authorities to search their personal files
without their knowledge? Yet that is a close analogy to current
Australian policy on encryption software."
The Department of Defence has recently come under fire for threatening to
prosecute a Brisbane-based cryptography development group, who developed
a world-renowned crypto-library and made it available online to
commercial software developers. This software has been incorporated into
the leading web-server product used for secure electronic commerce. It
is generally acknowledged that the current export regulations,
administered through the Customs Act, do not apply to software made
available for downloading on the Internet, and EFA will lobby Labor and
the Democrats to oppose any moves to amend the Act to ban electronic
export.
One of the Brisbane development team, Tim Hudson, said, "The crypto export
restrictions are based on the premise that not only are there no competent
programmers or mathematicians elsewhere in the world, but also that the
Internet does not exist and that no one can read or type. The source code
behind the majority of modern encryption algorithms is available in almost
every major library in the world."
Mr Taylor continued, "Australia can show the lead by proposing that
cryptography goods be dropped from the terms of the Wassenaar Arrangement,
an international regime to control trade in high-grade munitions. Federal
Coalition policy opposes heavy-handed attempts to ban strong encryption
techniques, and the other major Federal parties have also supported
relaxation of current controls. Furthermore, the Prime Minister announced
in March that Australia would adopt the OECD Cryptography guidelines,
which are regarded as far more acceptable than existing controls. Despite
these promising statements, Australia persists with a cold-war mentality
when it comes to actually implementing policy."
"EFA intends to contact every Senator and Member of Parliament to bring
them up-to-date with this issue. Despite the importance of cryptography
to Australia's future in the Information Age, the matter has received
scant attention by the Parliament. We think it's time that our
legislators were informed about this critical issue," Mr. Taylor concluded.
Electronic Frontiers Australia is an online privacy advocacy group
concerned about the growing intrusion of government into people's personal
lives.
[ENDS]
-------------------------------------------------------------------------
For further information:
Greg Taylor - Brisbane 07 3370 6362 E-mail: [email protected]
Kim Heitman - Perth 08 9458 2790 E-mail: [email protected]
Danny Yee - Sydney 02 9351 5159 E-mail: [email protected]
Electronic Frontiers Australia Inc http://www.efa.org.au
-------------------------------------------------------------------------
BACKGROUND
What is encryption?
Encryption is technology that scrambles computer files and communications to
protect privacy. It protects everything from medical records to ATM
transactions.
What is Australian government policy on encryption?
Australia is a party to the Wassenaar Arrangement, which treats strong
encryption software like high-grade munitions products. Export of all
encryption products is banned unless a license is granted by the Minister
for Defence.
What is the Wassenaar Arrangement?
This is a 1995 international regime to control trade in conventional arms
and dual-use goods and technology. It replaced the previous COCOM regime.
33 countries are signatories, including most European countries, Canada,
Japan, New Zealand, the USA and Australia.
How are licenses determined?
Export licenses are determined on a case by case basis. There is no
published policy information to assist potential licensees. However, it is
known that Australia closely follows US government policy and will issue
licenses to strong encryption products if key recovery is implemented.
Australian companies have already lost export orders because of this policy.
What is key recovery?
This is a method which allows an authorised agency to obtain the encryption
key of a particular person or entity in order to decrypt messages or files
without the cooperation or knowledge of the owner.
How does this affect domestic use of encryption?
At present there are no restrictions on domestic use in Australia.
However, Australia is one of the few nations that has yet to announce its
future plans for encryption policy. In the USA there are legislative moves
to impose restrictions on American citizens. If these moves succeed,
the US government is likely to place heavy pressure on other nations to
follow suit.
Why does EFA believe current policy is a failure?
Products employing strong encryption are freely and widely available throughout
the world, particularly on the Internet. The algorithms used are public
knowledge and are available from any major library. Export controls only
inhibit legitimate business activity. They have little effect on any
potential criminal usage. EFA's views on this matter reflect those of
academics, cryptographers and policy analysts around the world.
Why is this issue important?
Australia is currently placing great importance on the future of Electronic
Commerce. Business, privacy and technology interests around the world are
unanimous that unless there is a relaxation of the cold-war era mentality
in relation to encryption policy, electronic commerce will never achieve its
full potential. This is also a privacy issue. It's a consumer issue. It's a
medical records issue. It's a fraud prevention issue. It's a jobs issue.
It's an international competitiveness issue.
References:
Cryptography: Brute Force Attack
Is the Security of Australian business under attack from hackers and
legislators alike?
LAN Magazine, Australia. June 1998.
http://www.lanlive.com
Review of policy relating to encryption technologies (Walsh Review).
Commonwealth Attorney-General's Department 1996.
http://www.efa.org.au/Issues/Crypto/Walsh/
Crypto Politics. Electronic Frontiers Australia.
http://www.efa.org.au/Issues/Crypto/crypto2.html
Distributing encryption software by the Internet: Loopholes in Australian
export controls. Patrick Gunning, Mallesons Stephen Jacques, 1998.
http://www2.austlii.edu.au/itlaw/articles/Gunning_Encryption.html
The Federal Coalition's "Australia Online" pre-election policy on privacy
and commercial security.
http://www.liberal.org.au/ARCHIVES/ONLINE/online.htm
The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption.
A Report by an Ad Hoc Group of Cryptographers and Computer Scientists, 1998.
http://www.crypto.com/key_study
Cryptography's Role in Securing the Information Society.
National Research Council, USA, 1996.
http://www.replay.com/mirror/nrc/